Report: Chinese spy recruitment hub LinkedIn guilty of accessing private data

American business and employment-oriented social media platform LinkedIn is currently in hot water over allegations that its iPhone application read and diverted its users’ content, some of which may be deemed sensitive.

The California-based network, a Reuters report said, is now facing charges filed by Apple user Adam Bauer, at the San Francisco Federal Court.

Bauer, in his complaint, noted that LinkedIn, through its iPhone app, accessed the Universal Clipboard information without any prior notification to its users, among others.

As detailed in Bauer’s complaint, by circumventing the Universal Clipboard, the social media platform, which is owned by Microsoft, not only spied on its users’ phones, it also spied on their nearby computers and other devices. (Related: Big Brother caught watching: Norway pulls coronavirus contact tracing app due to privacy issues.)

“…Information such as photos, text and email messages, voice recordings, and other communications, are expected to remain in the clipboard until the user herself issues a paste command or overwrites the information,” the lawsuit against LinkedIn said, adding that the site “ignored” that expectation and then proceeded to intentionally and repeatedly invade its users’ privacy.

The Universal Clipboard allows users to copy data in the form of text, images, photos and videos on one Apple device and then paste the content onto another device within the Apple ecosystem.

In a video shared on Twitter, Urspace developer Donald Morton showed how LinkedIn’s app was reading the clipboard content after every user keypress, with the app even accessing the shared clipboard feature that allows iOS apps to read content from a user’s macOS clipboard.

LinkedIn is copying the contents of my clipboard every keystroke. IOS 14 allows users to see each paste notification.

I’m on an IPad Pro and it’s copying from the clipboard of my MacBook Pro.

Tik tok just got called out for this exact reason. pic.twitter.com/l6NIT8ixEF

— don (@m0nald) July 2, 2020

Morton, in a blog post, said that giving apps unlimited access to the contents of one’s clipboards can be dangerous, especially since sensitive data and information, such as passwords, bank account details, credit cards and even private crypto keys, can be easily scraped just by tracking one’s keystrokes.

LinkedIn VP Erran Berger has since stated that the alleged “snooping” was “unintentional” and that it was caused by a bug in the app’s code.

Hi @DonCubed. Appreciate you raising this. We've traced this to a code path that only does an equality check between the clipboard contents and the currently typed content in a text box. We don't store or transmit the clipboard contents.

— Erran Berger (@eberger45) July 3, 2020

In addition, Berger noted that the app does not store or transmit the clipboard data and that a new version of the company’s iOS app had been released to fix the issue.

LinkedIn is currently reviewing the lawsuit filed by Bauer, its spokesperson, Dan Miller, said.

Aside from LinkedIn, 52 other apps including that of social news aggregator Reddit and social media platform TikTok have been accused of illegally accessing their users’ Universal Clipboard content after the said apps generated alerts about clipboard access in the test version of iOS 14.

Reddit, in a statement, said the “snooping” from their end was caused by faulty code.

“We tracked this down to a codepath in the post composer that checks for URLs in the pasteboard and then suggests a post title based on the text contents of the URL. We do not store or send the pasteboard contents,” a spokesman for Reddit said, adding that their fixes for the app’s code will go live on July 14th.

TikTok, meanwhile, said the alert was triggered by a feature designed to identify repetitive, spammy behavior.

“We have already submitted an updated version of the app to the App Store removing the anti-spam feature to eliminate any potential confusion,” a representative from TikTok said, adding that the social network, which currently has over 800 million users worldwide, is committed to protecting their users’ privacy.

TikTok was called out earlier this year for allegedly breaching user privacy, an incident that eventually led to U.S. Secretary of State Mike Pompeo threatening to ban the app for allegedly sending out its users’ private information to the Chinese Communist Party.

LinkedIn: Beijing’s spy recruitment hub?

This is not the first time that LinkedIn has been embroiled in a scandal involving data — the online platform was also the subject of an investigation after it was found that Chinese intelligence agents were using the site to screen potential agents.

These agents, a report said, typically create fake LinkedIn profiles — with some even using AI-generated profile pictures — to try to connect with high-value targets on the social media platform. These “high-value” targets include researchers, academics, business executives and government employees.

“We’ve seen China’s intelligence services doing this on a mass scale,” William R. Evanina, the director of the National Counterintelligence and Security Center, said.

Evanina, whose agency tracks foreign spying and alerts companies to possible infiltration, noted that instead of dispatching spies to the U.S. to recruit targets, Chinese agents now merely sit behind a computer and send out friend requests to targets using fake profiles.

According to experts, this is because LinkedIn is also the only major American social media platform not blocked in China — a result of the Microsoft-owned company’s decision to censor posts containing “delicate material.”

Sources include:

Breitbart.com

Reuters.com

WashingtonTimes.com

Apple.com

State.Substack.com

MacRumors.com

TheVerge.com

Oberlo.com

WashingtonPost.com

FastCompany.com

NYTimes.com